TRENDnet was recently contacted by a firm with claims of vulnerabilities on the TV-IP344PI and the TEW-816DRM. Updates will be posted on TRENDnet website, and e-mails will be sent to those that registered their products.

A WPA2 vulnerability from the KRACK Attack was revealed on Oct. 16, 2017. This attack affects the entire wireless industry, but affected devices can be patched with a security update. TRENDnet is currently investigating the issue and we are working with our semiconductor chipset partners on patches. Updates will be posted on product download pages once available. Note: The WPA2 KRACK main attack targets client devices against the 4-way handshake, and requires physical proximity. Wi-Fi routers and wireless access points are not affected by this attack. However, to reduce the risk of attacks against your router or access points, disable client functionality and fast roaming (802.11r). For home users, be sure to keep client devices, such as laptops and smartphones, updated.

Some network cameras could be compromised to security vulnerabilities described in ICSA-17-124-01 (Improper Authentication, Password in Configuration), where remote attackers could potentially gain partial access to some administrator pages in the device configuration without the proper credentials, and obtain the administrator password to your device configuration. We strongly recommend that owners of all affected cameras (see list below) with hardware version v1.0R to upgrade to the latest firmware version.

Rapid7, a company that specializes in IT security, released a vulnerability report on video baby monitors, which included TRENDnet’s WiFi Baby Cam, model TV-IP743SIC. The report claims that the WiFi Baby Cam has a fixed user name and password that could be accessed via a direct UART serial connection to the WiFi Baby Cam.